What is IT.Books?
IT.Books is a ransomware-type virus that encrypts data and locks screen with a ransom-demanding message. The style of lock screen is taken from Jigsaw Ransomware which may indicate both viruses is created by the same people. In order to infiltrate the system, it usually uses deceptive emails, malicious exploits, pirated software, and trojans. Following the successful penetration, the virus tries to bypass anti-malware systems and anything that may stop the virus. When it is done, it starts the encryption procedure. So, in order to be able to use encrypted files again, a victim is encouraged to transfer $600 to the cybercriminals’ account. We recommend you not to pay anything since nobody can guarantee that they will fulfill their end of the bargain. The practice shows that cybercriminals just ignore people after payment is done. In this article, you can learn how to remove IT.Books ransomware and decrypt .fucked files.
In order to encode victim’s data, IT.Books Ransomware uses AES encryption algorithm. Under this method, the private ID key required for data recovery is created during the encryption process. After this, the user is no longer able to use affected files that have got .fucked extension. For example, myfamily.jpg turns into myfamily.fucked. Once encryption process is done, it creates READ__IT.txt on the desktop that contains the following text:
Files has been encrypted with strong KEY
Send payment to our bitcoin address
you can visit google or localbitcoin to buy bitcoin.
BTC Address: 13vs2K5TiDAn6eLSevnds8esWZfeUhov2d
After payment click contact us you will recieve Decryption KEY in less than 1 hour.
As we stated earlier, the ransom note is also provided with the lock screen. The victim may find here BTC address where he is offered to transfer money. Moreover, to make users pay faster, it features a countdown timer. According to the ransom note, every hour the virus will delete 1 file until the payment is done.
Still, IT.Books ransomware does very sophisticated encryption, but it does not damage, move or delete your files, which means you have a chance to restore your personal data. For this, the first thing you got to do – to completely remove IT.Books ransomware from your computer in order to exclude reinfection. You may take advantage of the benefits of an automated removal tool that will do it for you. Or you may use our manual guide, but keep in mind that this way is only recommended for experienced users.
How to remove IT.Books from your computer?
You may try to use anti-malware tool to remove IT.Books ransomware from your computer. Newly advanced ransomware detection technology is able to run an instant ransomware scan, which is perfect to protect your computer in case of a new ransomware attack.
How to decrypt .fucked files?
Once you’ve removed the virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.
Recover data with Data Recovery
- Download and install Data Recovery
- Select drives and folders with your files, then click Scan.
- Choose all the files in a folder, then press on Restore button.
- Manage export location.
Restore data with automated decryption tools
Unfortunately, due to the novelty of IT.Books ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.
Restore data with Windows Previous Versions
This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select restore date and the option you need: Open, Copy and Restore.
Restore the system with System Restore
You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose restore point before the infection infiltration;
- Follow the on-screen instructions.